Adds support for file and severity threshold
jessehouwing committed Mar 16, 2018
1 parent ba3fa8e commit 51c9de0
Showing 5 changed files with 60 additions and 12 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -4,6 +4,11 @@

# Release Notes

> **16-03-2018**
> - Updated: built-in snyk to 1.70.2
> - Added: support severity threshold
> - Added: support for specifying package file type
> **13-03-2017**
> - Updated: built-in snyk to 1.25.2
> - Added: snyk badge
6 changes: 3 additions & 3 deletions vsts-snyk/package.json
Expand Up @@ -13,13 +13,13 @@
},
"license": "MIT",
"dependencies": {
"snyk": "^1.69.7",
"vsts-task-lib": "^2.2.1"
"snyk": "^1.70.2",
"vsts-task-lib": "^2.3.0"
},
"scripts": {
"initdev:npm": "npm install",
"initdev": "npm run initdev:npm",
"build": "tsc && npm dedupe && npm prune --production"
"build": "tsc && tslint --project . && npm dedupe && npm prune --production"
},
"devDependencies": {
"@types/node": "^6.0.56",
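Review bot: The `build` script now runs `tslint --project .`, but the visible part of `devDependencies` (cut off at the end of the hunk) does not show `tslint` being declared; if it is not, `npm run build` silently depends on a globally installed linter and will fail on a clean checkout or CI agent. Declaring it next to `@types/node` (for example `"tslint": "^5.9.0"`) keeps the build reproducible. The `devDependencies` object continues outside the hunk, so this may already be the case.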
39 changes: 38 additions & 1 deletion vsts-snyk/task.json
Expand Up @@ -36,6 +36,29 @@
"required": false,
"type": "filePath"
},
{
"name": "optionFile",
"type": "pickList",
"label": "File",
"required": false,
"defaultValue": "",
"options": {
"default": "",
"yarn.lock": "yarn.lock",
"package.json": "package.json",
"Gemfile": "Gemfile",
"Gemfile.lock": "Gemfile.lock",
"pom.xml": "pom.xml",
"requirements.txt": "requirements.txt",
"build.gradle": "build.gradle",
"build.sbt": "build.sbt",
"Gopkg.lock": "Gopkg.lock",
"vendor/vendor.json": "vendor/vendor.json",
"obj/project.assets.json": "obj/project.assets.json",
"packages.config": "packages.config"
},
"helpMarkdown": "Sets package file."
},
{
"name": "actionProtect",
"type": "boolean",
Expand Down Expand Up @@ -73,7 +96,6 @@
},
"visibleRule": "actionMonitor=true"
},

{
"name": "optionAuthenticationType",
"type": "radio",
Expand Down Expand Up @@ -105,6 +127,21 @@
"type": "string",
"visibleRule": "optionAuthenticationType=token"
},
{
"name": "optionSeverityThreshold",
"type": "pickList",
"label": "Severity Threshold",
"required": false,
"defaultValue": "",
"options": {
"default": "",
"low": "Low",
"medium": "Medium",
"high": "High"
},
"groupName": "Advanced",
"helpMarkdown": "Only report vulnerabilities of provided level or higher."
},
{
"name": "optionFailBuild",
"type": "boolean",
Expand Down
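Review bot: Both new pickLists set `"defaultValue": ""`, which does not match any key in their `options` — the blank entry is keyed `"default"` — so the control starts with no selected option; the task script tolerates this by mapping an empty input to `"default"`, but `"defaultValue": "default"` would make the UI and the code agree. The `optionFile` help text `"Sets package file."` also omits that the value is passed to snyk after changing into the "Projects to scan" folder, so it is resolved relative to that directory; something like `"Package file to scan, relative to the selected project folder (passed to snyk as --file)."` would spare users a wrong-path surprise.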
2 changes: 2 additions & 0 deletions vsts-snyk/vsts-snyk-task.njsproj
Expand Up @@ -5,6 +5,8 @@
<VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
<Name>vsts-variable-transform</Name>
<RootNamespace>NodejsConsoleApp1</RootNamespace>
<ToolsVersionPromptShown>0.0</ToolsVersionPromptShown>
<TypeScriptToolsVersion>2.6</TypeScriptToolsVersion>
</PropertyGroup>
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
20 changes: 12 additions & 8 deletions vsts-snyk/vsts-snyk.ts
@@ -1,16 +1,18 @@
import * as tl from "vsts-task-lib/task";
import * as tr from "vsts-task-lib/toolrunner";
import * as os from "os"
import * as path from "path"
import * as os from "os";
import * as path from "path";

class Settings {
projectsToScan: string;
file: string;
auth: string;
dev: boolean;
failBuild: boolean;
trustPolicies: boolean;
org: string;
additionalArguments: string;
severityThreshold: string;
}

async function run() {
Expand Down Expand Up @@ -63,8 +65,9 @@ async function run() {

const settings: Settings = new Settings();

settings.severityThreshold = tl.getInput("optionSeverityThreshold", false) || "default";
settings.file = tl.getInput("optionFile", false) || "default";
settings.projectsToScan = tl.getInput("optionProjectsToScan", true);

settings.dev = tl.getBoolInput("optionDev", false);
settings.failBuild = tl.getBoolInput("optionFailBuild", false);
settings.trustPolicies = tl.getBoolInput("optionTrustPolicies", false);
Expand Down Expand Up @@ -100,11 +103,11 @@ async function run() {
try {
if (!tl.which("patch")) {
const agentFolder = tl.getVariable("Agent.HomeDirectory");
process.env['PATH'] = path.join(agentFolder, "/externals/git/usr/bin/") + ";" + oldPath;
process.env["PATH"] = path.join(agentFolder, "/externals/git/usr/bin/") + ";" + oldPath;
}
await runSnyk(snyk, "protect", settings);
} finally {
process.env['PATH'] = oldPath;
process.env["PATH"] = oldPath;
}
}
if (test) {
Expand All @@ -128,7 +131,7 @@ function matchesMonitorBranch(monitorBranches: string[], branch: string) {
async function upgradeSnyk() {
tl.debug(`Updating snyk...`);
const npmRunner = new tr.ToolRunner(tl.which("npm"));
npmRunner.arg("update");
npmRunner.arg("install");
npmRunner.arg("snyk@latest");
npmRunner.arg("--prefix");
npmRunner.arg(__dirname);
Expand All @@ -143,8 +146,7 @@ async function upgradeSnyk() {
}
}

async function runSnyk(path: string, command: string, settings: Settings)
{
async function runSnyk(path: string, command: string, settings: Settings) {
tl.debug(`Calling snyk ${command}...`);
process.env["CONTINUOUS_INTEGRATION"] = "true";

Expand All @@ -166,9 +168,11 @@ async function runSnyk(path: string, command: string, settings: Settings)
tl.cd(settings.projectsToScan);
}

snykRunner.argIf(settings.severityThreshold !== "default", `--severity-threshold=${settings.severityThreshold}`);
snykRunner.argIf(settings.dev, "--dev");
snykRunner.argIf(settings.trustPolicies, "--trust-policies");
snykRunner.argIf(settings.org, `--org="${settings.org}"`);
snykRunner.argIf(settings.file !== "default", `--file="${settings.file}"`);

snykRunner.line(settings.additionalArguments);
break;
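Review bot: The new `--file="${settings.file}"` argument in the last hunk embeds literal double quotes in a value that `argIf` hands to the tool as a single argv element, so unless the task lib strips them snyk receives `"package.json"` (quotes included) instead of the file name — the same pattern the pre-existing `--org="${settings.org}"` line uses. Because `arg()` already quotes as needed and every picklist value is a plain path with no spaces, `--file=${settings.file}` is the safe form, and `--org` deserves the same treatment. The value is also applied after `tl.cd(settings.projectsToScan)` a few lines up, so a short comment such as `// --file is resolved relative to projectsToScan after the cd above` would document the contract. runSnyk continues outside the hunk.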